SRFirewall is an easy to use, but still quite capable firewall for Netfilter/iptables. It is a complete rewrite of Firewall/SOSDG, designed to make it easy for users to configure and protect their Linux servers, routers, and gateways.

VyOS is a Linux distribution for routers and firewalls which features a unified commandline interface and a single configuration file, with an API for extending it. It includes BGP, OSPF, and RIP routing protocols, policy-based routing, a DHCP and caching DNS server, a Web proxy, and more. It runs on x86 physical machines and a variety of hypervisors, including KVM, Xen, VMWare, and Hyper-V. VyOS is forked from Vyatta and based on VC6.6 source code.

RCPlive is a router live CD based on Debian 7 and the RCP100 routing suite. It is a flexible firewalling and routing platform, configured using a command line interface syntax similar to the one found in commercial routers. The software runs directly from a read-only CD or USB stick, and provides persistence by saving the configuration into a file placed on an existing disk partition.

Dowse eases the configuration of network routing for a local area network, starting from the setup of ARP-level static entries of known peers, IP-level firewall, DHCP configuration, and local DNS cache, up to an application layer transparent proxy and optional gateways to anonymous networks such as Tor and I2P. It consists of a minimalistic script which can run on any GNU/Linux box and which, from a central configuration point, controls Ebtables, Iptables, and all the daemons needed for such operations: DnsMasq, Squid2, and Privoxy. It comes with a module system for contributed add-ons like DNSCrypt-proxy and HTTPS-everywhere.

Sanewall is a firewall builder for Linux that uses an elegant language abstracted to just the right level.
This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls.
Sanewall can be used for almost any purpose,
including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers,
all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need. Sanewall is a fork of FireHOL and can make use of existing FireHOL configurations.

Sphirewall is a user-centric analytical network firewall/router. Out-of-the box, it provides user authentication coupled with powerful analytics which provide you with complete control over your network and users. With Sphirewall, you can manage and understand what is happening on your network with features such as qos, bandwidth quotas, user authentication, and much more. Not built on iptables, it is able to do things which other Open Source firewalls can't. Its very flexible, and with its open JSON API, can easily be plugged into any existing environment.

Jkaptive is a simple captive portal without RADIUS (and thus without total security, but at the same time without too much hassle). The reason behind this is because a lot of site administrators don't need tight security; their site is just a café that offers free Internet access on an unsecured WLAN access point connected to the Internet, and they need a ticketing system to make it cumbersome for average people to use this offering without actually buying a single coffee. Jkaptive itself just presents the login page and checks the token. The blocking of unticketed traffic is done through Linux' netfilter. As no proxy server is involved, jkaptive has no performance penalty, nor does it create problems with non-HTTP traffic. Once the token is accepted, jkaptive is out of the way of any network packets completely.
For presenting the login page, jkaptive has a built-in Web server, so no additional Web server application is needed.

iplock is a simple tool for adding or removing IP addresses to your iptables firewall to protect your services such as Apache and Postfix. It reads a configuration file where iptables commands and ports are defined.